Hi Markus,
Great this is still moving forward!
On Wed, Nov 29, 2017 at 08:00:12PM +0100, Markus Koschany wrote:
> Hi!
[..snip..]
> I would prefer this solution. At the moment we check for the version
> string and I think that's sufficient for an initial check. The following
> actions should be triggered by the user himself by answering specific
> questions. What do you think about adding a second question after "Do
> you want to report a regression because of a security update?"
>
> Is this regression in Debian's LTS release?
>
> Yes, this bug is in the LTS release. -> only CC the LTS team
> No, this bug is not in the LTS release -> CC the security team
Can't we deduce if it's LTS from either the packages version number or from
/etc/debian_version. Once we have the code name or number we could do a
simple HTTP call to check if this is stable, oldstable or lts.
I don't know of a page that exposes this information in JSON or similar
but if we don't have it we could add another page to the security
tracker like:
GET /tracker/data/releases
{ 'stretch': 'stable',
'jessie': 'oldstable',
'wheezy': 'lts'
}
We then wouldn't be dependent on the string parsing in the changelog.
Cheers,
-- Guido
